Incomplete cleanup in Intel Chipset Firmware
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-26074 |
| CWE-ID | CWE-459 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Intel Server Platform Services Firmware Web applications / Other software |
| Vendor |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Incomplete cleanup
EUVDB-ID: #VU66486
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-26074
CWE-ID:
CWE-459 - Incomplete cleanup
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incomplete cleanup in a firmware subsystem. A local administrator can cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Server Platform Services Firmware: before SPS_E3_04.08.04.330.0
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00669.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
